Reference Guide
Example
An ACL rule with TCP port lt 1023 takes only one entry in the CAM:
Rule# Data Mask From To #Covered
1 0000000000000000 1111110000000000 0 1023 1024
Total Ports: 1024
Related
Commands
deny – assigns a filter to deny IP traffic.
deny udp – assigns a filter to deny UDP traffic.
deny udp
Configure a filter to drop user datagram protocol (UDP) packets meeting the filter criteria.
S5000
Syntax
deny udp {source address mask | any | host ipv6-address}
[operator port [port]] {destination address | any | host ipv6-
address
} [operator port [port]] [count [byte]] | [monitor]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s
sequence number
• Use the no deny udp {source address mask | any | host ipv6-
address} {destination address | any | host ipv6-address}
command
Parameters
source address Enter the IPv6 address of the network or host from which the
packets were sent in the x:x:x:x::x format followed by the
prefix length in the /x format. The range is /0 to /128. The ::
notation specifies successive hexadecimal fields of zero.
mask Enter a network mask in /prefix format (/x).
any Enter the keyword any to specify that all routes are subject
to the filter.
host ipv6-
address
Enter the keyword host followed by the IPv6 address of the
host in the x:x:x:x::x format. The :: notation specifies
successive hexadecimal fields of zero.
operator (OPTIONAL) Enter one of the following logical operand:
• eq = equal to
• neq = not equal to
• gt = greater than
• lt = less than
• range = inclusive range of ports (you must specify two
ports for the port command parameter).
IPv6 Access Control Lists (IPv6 ACLs)
657